I've been reading on various sites how PC get infected by viruses and I got:

Email attachments (but of course, only if I get an exe and open or execute something, right?)

Don't update windows

Downloads (the same as email attachments, right?)

Pros:

I can't think of any worthwhile.

Cons:

Lose my time and attention with it

Slow down my PC

Hard disk space occupied by the antivirus

Make you think that someone wants to get in your PC. (like the intrusions reported by Panda Internet Security)

Money for software

Time to update and bandwidth

A lot of false positives

Wastes my Hard Disk life by scanning it all the time

Slow at opening files (some of them)

Time to configure the firewall, what to let and what to dont let in...

Uses my CPU cycles so wastes my CPU lifetime - everything is used more is wasted! If I run a PC with antivirus of course uses more CPU cycles and will last less than a CPU that is not used with an antivirus. Anyway this is BS because I think the difference is not even substantial, just a "PRO" xD

More energy, more money

Take "care":

USB and external data devices: viruses are activated by the window's autorun feature (so use the url "E:\" to open any external data like USB sticks)

Im not using an antivirus for a long time, and I'm perfectly fine with it. I only want to know more about this matter.
I only want to make you know that I tried a lot of them as I thought it is necessary to have one, but since I don't have I finally can work! ps. I dont use IE

But what if I have a virus right now? My PC is faster like this than with an AV

C:\Users\Totty\AppData\Local\Temp\0489c538b32e4673bb3259bf16fc4922.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\157347ded2154635b2c01111c9dd7463.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\4efba19df9864e5fbb6b3712f8f96222.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\5c6398aa533d4493be2d4b37e17c1452.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\7505db7e73f94b86b1b0284a64d07350.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\9f9a39b9de8e4ba5b897bdf9a4ffcafc.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\adb91477d7f2470e9be9176c5ceb8c04.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\ed146a5cf2a8499cb357f2dbd7982c6a.exe a variant of MSIL/Injector.BM trojan
C:\Users\Totty\AppData\Local\Temp\nseECD1.tmp.dll a variant of Win32/Adware.GooochiBiz.AK application
C:\Users\Totty\AppData\Local\Temp\nso4711.tmp.dll a variant of Win32/Adware.GooochiBiz.AK application
C:\Users\Totty\AppData\Local\Temp\nssA49B.tmp.dll a variant of Win32/Adware.GooochiBiz.AK application
C:\Users\Totty\AppData\Local\Temp\nsti.exe NSIS/TrojanDownloader.Agent.NCA trojan
C:\Users\Totty\AppData\Local\Temp\nsxF836.tmp.dll a variant of Win32/Adware.GooochiBiz.AK application
C:\Users\Totty\AppData\Local\Temp\svhost.exe multiple threats

And the rest are my torrents downloads;

All of them (viruses only description):

a variant of Win32/GameHack.F application
probably a variant of Win32/TrojanDownloader.VB.JCXGTJX trojan
Win32/NetTool.EtherDetect application
a variant of Win32/Packed.VMProtect.AAD trojan
probably a variant of Win32/Agent.MFNJEN trojan
a variant of Win32/Packed.VMProtect.AAA trojan
probably a variant of Win32/Spy.Agent.HBNLFMI trojan
probably a variant of Win32/Adware.Agent.NHZBYWN application
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of MSIL/Injector.BM trojan
a variant of Win32/Adware.GooochiBiz.AK application
a variant of Win32/Adware.GooochiBiz.AK application
a variant of Win32/Adware.GooochiBiz.AK application
NSIS/TrojanDownloader.Agent.NCA trojan
a variant of Win32/Adware.GooochiBiz.AK application
multiple threats
a variant of Win32/Adware.GooochiBiz.AK application
Win32/Adware.CashTitan application
a variant of Win32/Adware.GooochiBiz.AK application
Win32/Adware.CashTitan application
a variant of Win32/Sefnit.AR trojan
Win32/HackKMS.A application
a variant of Win32/Keygen.BL application
a variant of Win32/Keygen.BH application
a variant of Win32/Keygen.BJ application
Win32/TrojanDownloader.Agent.QCX trojan
a variant of Win32/HackTool.Patcher.O application
probably a variant of Win32/Agent.EMOZOTC trojan
a variant of Win32/Keygen.AS application
Win32/HackTool.Patcher.A application
a variant of Win32/Keygen.AA application
probably a variant of Win32/Spy.Agent.HBNLFMI trojan
a variant of Win32/Sefnit.AL trojan
probably a variant of Win32/Adware.Agent.NHZBYWN application
Win32/NetTool.EtherDetect application
Win32/OpenCandy application
probably a variant of Win32/Spy.Banker.MBDVLVD trojan
a variant of Win32/Packed.VMProtect.AAA trojan
a variant of Win32/Packed.VMProtect.AAA trojan
a variant of Win32/Packed.VMProtect.AAD trojan
a variant of Win32/Packed.VMProtect.AAD trojan
multiple threats
a variant of Win32/Keygen.BH application
a variant of Win32/Keygen.BH application
NSIS/TrojanDownloader.Agent.NCA trojan
Win32/Agent.QTP trojan
Win32/OpenCandy application
a variant of Win32/Keygen.AK application

Found Dialer.Generic
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Questionmarket
Found Tracking cookie.Questionmarket
Found Tracking cookie.Questionmarket
Found Tracking cookie.Pointroll
Found Tracking cookie.Pointroll
Found Tracking cookie.Pointroll
Found Tracking cookie.Doubleclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Mediaplex
Found Tracking cookie.Mediaplex
Found Tracking cookie.Webtrends
Found Tracking cookie.Doubleclick
Found Tracking cookie.Casalemedia
Found Tracking cookie.Serving-sys
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Atdmt
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Zedo
Found Tracking cookie.Yadro
Found Tracking cookie.Trafic
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Tacoda
Found Tracking cookie.Tacoda
Found Tracking cookie.Tacoda
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Serving-sys
Found Tracking cookie.Ru4
Found Tracking cookie.Ru4
Found Tracking cookie.Ru4
Found Tracking cookie.Ru4
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Revsci
Found Tracking cookie.Pro-market
Found Tracking cookie.Overture
Found Tracking cookie.Overture
Found Tracking cookie.2o7
Found Tracking cookie.Mediaplex
Found Tracking cookie.Mediaplex
Found Tracking cookie.Mediaplex
Found Tracking cookie.Webtrends
Found Tracking cookie.Liveperson
Found Tracking cookie.Liveperson
Found Tracking cookie.Liveperson
Found Tracking cookie.Liveperson
Found Tracking cookie.Hotlog
Found Tracking cookie.Gamershell
Found Tracking cookie.Gamershell
Found Tracking cookie.Fastclick
Found Tracking cookie.Fastclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Casalemedia
Found Tracking cookie.Burstnet
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Adtech
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Adbrite
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.2o7
Found Tracking cookie.247realmedia
Found Tracking cookie.Adbrite
Found Tracking cookie.Yadro
Found Tracking cookie.Yadro
Found Tracking cookie.Yadro
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Tradedoubler
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Webtrendslive
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Smartadserver
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Real
Found Tracking cookie.Questionmarket
Found Tracking cookie.Questionmarket
Found Tracking cookie.Questionmarket
Found Tracking cookie.Pointroll
Found Tracking cookie.Pointroll
Found Tracking cookie.Pointroll
Found Tracking cookie.Mediaplex
Found Tracking cookie.Mediaplex
Found Tracking cookie.Mediaplex
Found Tracking cookie.Webtrends
Found Tracking cookie.Webtrends
Found Tracking cookie.Doubleclick
Found Tracking cookie.Doubleclick
Found Tracking cookie.Serving-sys
Found Tracking cookie.Serving-sys
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Atdmt
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Advertising
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.Yieldmanager
Found Tracking cookie.247realmedia
Found Tracking cookie.247realmedia

*facepalm. "I leave my car unlocked, windows rolled down, the keys are in the seat, and park it in a bad neighborhood. Just now I found a bomb under my car, drugs in the backseat, and a whole bunch of other bad stuff. Should I do something about this? I mean its not like their doing anything, my car works (as much as I can tell) the same, and I save 5 seconds getting in".
–
TheLQJul 30 '11 at 2:08

11 Answers
11

TL;DR: There are many more threat vectors from which a virus may be caught than you might think. Viruses commonly exploit holes in software for which there is not yet an available patch. Only third-party software, such as an Antivirus program which can detect and prevent execution of exploit code, can protect you from this.

I've been reading on various sites how PC get infected by viruses and I got:

Email attachments (but of course, only if I get an exe and open or execute something, right?)

WRONG

Viruses attached in e-mails do not only come in .EXE files. They can be any form of document - PDF, PPT, DOC, XLS, SWF, etc. Strictly speaking, any time you "open" any file, you're telling your computer to process whatever data elements are in that file. This may just represent a picture or text document, but it's still something that's being read and translated by your computer. If the document is deliberately mal-formed in a way that exploits a hole in whatever applications (or even the OS itself) that are processing the file, that translation can be turned into real execution of code without your knowledge or consent.

Don't update windows (well this is BS)

I'm not sure what you're saying "is BS" - that you are more vulnerable to viruses by running an out-dated OS, or that people would even consider not updating Windows? Regardless, you should always keep your OS and all installed software up-to-date. This alone does not make you immune to viruses by any measure, but it does make it much more unlikely that any virus you come across may actually exploit your system. Even with a fully up-to-date OS, however, you still risk infection from zero-day exploits or other vulnerabilities which the OS manufacturer has not yet addressed via patch or update.

Downloads (the same as email attachments, right?)

Yes, and no. Downloads, by the popular usage of the term, should of course be treated just the same as e-mail attachments - don't download anything from a site you don't trust, and don't open any download that you're not sure is safe. However, strictly speaking, even the website you're reading my post on is itself a "download", as is every other web page on the Internet. Every time you browse the Internet, whether you're selectively "downloading" a file or not, you are just as exposed - if not more so - as you are whenever you open an e-mail attachment.

USB and external data devices: viruses are activated by the window's autorun feature (so use the url "E:\" to open any external data like USB sticks)

Again, yes and no. First, to the point of viruses being "activated by the windows's autorun feature" - this is not the only way you can receive a virus from a USB drive. The drive can have an infected document on it, which you may be either deliberately or accidentally tricked into opening. (Accidentally would be a case where the person giving you the file doesn't know it's infected.) Second, "use the url E:\" is neither the only safety precaution that should be taken, nor is it in itself even 100% safe. To begin with, you should disable autorun altogether. Even then, I believe I've seen articles where certain OS vulnerabilities can lead to an infection even by viewing the contents of the folder in which the virus resides - which is exactly what you may be doing by navigating to the root directory of an infected USB drive.

Money for software

WRONG

There are many free Antivirus solutions out there, which are equal or superior to the paid products in terms of offered protection. My personal preference is for Avast!, but I've heard of many good experiences with Avira, AVG, and Microsoft's Security Essentials.

A lot of false positives

Generally, WRONG

This may vary greatly from vendor to vendor, but in my experience false positives are few and far between. If you really think you're getting that many "false-positives", then you probably should be re-considering what software and documents you're loading on your system and from where - or, you may just want to look for a different Antivirus vendor. If there are files that you know for sure will set off a false-positive detection, most Antivirus products have an option for you to white-list them rather simply.

ps. I dont use IE

It doesn't matter. Any web browser can be exploited, and many web-based exploits don't even target the browser anymore - they target plug-ins like Flash, Java, etc. Chrome for some time has been widely regarded as the "most secure browser", but there's even been exploits publicized that still work there! Even if you find a browser that is "totally secure" today, the threat landscape of tomorrow (nay, even five minutes from now) may see it easily compromised.

But what if I have a virus right now? My PC is faster like this than with an AV

Sure, your PC is faster, for now. However, the hypothetical virus posed by your question could easily bring it to a grinding halt, much worse than most antivirus products would ever do. Even if our hypothe-virus doesn't cause a performance hit to your PC, it could be silently sending off loads of personal data stored on your computer, or login credentials for websites where more of your personal data (or financial resources) are stored. Alternately, the owner of the virus could just take control of your computer and use it to transfer all manner of illegal content which could bring the police knocking at your door. Once a black hat has his code running on your machine, you're effectively at his mercy.

I really want to know for real how might I get infected!

There are a number of vectors from which an attack can infect your computer.

Web browsing & downloads

Email attachments

Peer-to-Peer downloads

Removable media (CD/DVD/BRD/SD/MicroSD/etc.)

Attachable media (thumb drives/USB HDDs/etc.)

Network drives

Infected systems on the network

Other USB devices - note that usb devices may actually not be what they seem to be, and may exploit various USB driver bugs (from @nealmcb)

All of these require exploitation of a vulnerability in either your Operating System or installed software. Your first defense against this is to keep your system up to date. However, it is also very important to recognize that not all vulnerabilities are currently patchable. This applies to both publicly-known vulnerabilities as well as, of course, zero-day exploits. When a vulnerability is discovered, vendors can take months or even years before they release a patch for it. In some cases, a patch is never released at all because the vendor considers the vulnerability to be too low-priority for whatever reason.

Given this, your only defense against non-patchable vulnerabilities and (though perhaps to a lesser degree) zero-day exploits is to have something inspecting the code that is being run on your computer, before it is run. There's a number of appliances and utilities that don't even need to run on your local computer to provide this service, such as firewalls, proxies, and network-based intrusion detection/prevention systems. However, the only tools that can inspect all of the code which will be run on the system, including data that does not traverse the network (removable/attachable media, data downloaded while on other networks), are those that are run on the host itself - like Antivirus.

Host-based antivirus/antimalware software can intercept exploit code before it has a shot at your system's un-patchable (or, just un-patched) vulnerabilities, and in some cases can even detect attempted zero-day exploits via behavioral and heuristic analysis. I can't think of any other tool that can offer protection like this, and cover all possible entry vectors to the machine.

Nobody knows all the infections vectors of virus. You could at any time encounter a way to be infected you don't know about.

Of course, anti-virus have to be "lifesavers for dumb users", that does not means they are of no use to security professionals.

Of course, security comes with a cost. But if you have good pratices, you can lean how to limit the actions of you anti-virus, like scanning only on file writing, configuring exception in file extensions. But you really need to know what you are doing.

If you want to be sure you're not infected, you have no matter if you had anti-virus or not* on your computer, run an offline analysis. Because you can't guarantee the sanity of your anti-virus.

@Totty an infected USB (or any media, really) need not use the autorun vector to infect a PC. It is possible that merely displaying a directory in Explorer can cause an infection by using a specially crafted file that Explorer reads for metadata, previews, etc. Older versions of Explorer, particularly in XP, would crash if you opened a directory with a corrupt AVI file. That was a bug in how Explorer displayed previews of the AVI as the file's icon. If an attacker can crash a program then they can figure out how to run arbitrary code. All this from just looking at a file in Explorer.)
–
Andrew LambertJul 28 '11 at 21:41

But what if I have a virus right now? My PC is faster like this than with an AV

Viruses are not (generally) about speed. A virus/trojan/malicious piece of software usually exists to make it's author money. Malware authors have gotten quite good at coming up with roundabout ways of doing this (in order of problems for you):

Modify all your web search pages to point to things they get ad money for.

Try to get you to pay for some fake AV product.

Use of your computer and bandwidth in a botnet kind of scenario. This eats up bandwidth and could implicate you in attacks against people like Amazon or Yahoo, which rest assured won't be happy with you :)

Some types of buggy file infectors (namely, some variants of Sality and Virut) destroy one out of every 4 or 5 executables they come across. In such cases, the infection isn't "curable" even with an A/V tool, because the originals got destroyed by the virus. Moreover, due to the file infecting nature of such things, you're usually forced to lose any data stored on the afflicted machine.

Malware can steal credit card numbers, social security numbers, and other sensitive information. If your machine can see other people's SSNs they are not going to be happy with you when you leak their socials to various identity stealing networks.

Slowing your machine down isn't the point. Making money is. Even if you have no knowledge of these kinds of things on your machine, you still can be held liable depending on the kind of data that you would leak via malicious software.

A lot of security professionals do not use anti-virus using the same logic as above. But they can also detect when they've been infected, such as by watching for unknown outbound network traffic.

Also, just because you know the right behavior doesn't mean you can't get infected. The most vulnerable part of your computer is the browser, Adobe Flash, and Adobe Acrobat. We regularly discover, after the fact, that hackers have been exploiting an unknown bug in Flash or Acrobat, taking control of people's machines. So you can still get infected with something, no matter how smart you are.

On the other hand, when hackers to this, they tend to choose a customer malware that's not currently detected by anti-virus.

Like all things in security, using anti-virus is a tradeoff, and nobody but you can adequately decide what tradeoffs you are willing to bear.

For me, this is the main argument for using an AV. If you don't update Windows, you're leaving yourself open to any OS or OS component vulnerabilities. An AV can catch those. Even if you do update Windows, AVs give you limited protection against 0-day vulnerabilities in the time between the discovery of the exploit and the hotfix or software update. With the rate the malware definitions are updated, the exploit may be blocked by the AV explicitly well before the official fix rolls out; AV heuristic detection provides some protection as well.

The overhead for running AV software is negligible on any modern PC. I find the 0-day protection well worth that.

P.S. Why would you say that it's "BS" that not updating Windows can lead to virus infection? The old, famous Code Red worm spread using an IIS exploit. If you didn't update, you could easily get infected.

I've been thinking this exact same way for a while: antivirus are lifesavers for dumb users, but a complete waste of time and resources for people who know what they're doing.

...

Then something infected my computer while I was browsing a perfectly innocent web site from a Windows 7 computer updated with all latest patches.

I still don't know how it went in, but I'm absolutely sure I didn't click on anything and wasn't asked to download/run/install anything.

However, it's also true that subesequently no antivirus/antimalware/antieverything was able to find and remove the offender, so it probably wouldn't have been detected and stopped even if I had an antivirus running...

I can be perfectly careful with my PC, but still I quite often need to get (or pass) a file / folder from (to) someone else computer via USB. Several times my AV detected that USB is infected and cleaned it.

Personaly it's not about - I have virus which slows down my computer, it's about - I might have virus which sniffs through my private data.

There are a lot of good points here, but also some misunderstanding as to what value AV gives you. Trying to summarise a little, and add in my thoughts:

Antivirus solutions, are still broadly signature based. The better ones have some heuristics, statistical or behaviour analysis tools added on, as well as de-obfuscators and decryptors, but the major part of what they do is look for code signatures specific to viruses or malware.

Yes, the file access can slow things down, especially if you have it enabled on every file open, but for the better AV products this is minimal.

It is critical, though to remove the vast majority of attack attempts upon your computer, as part of a layered defence, as without it you are presenting a risk not only to your own data (which you may not worry about) but to others (if your machine is compromised and you haven't secured it, you could be inadvertently assisting organised crime gangs in attacking others. Saying you have nothing of value on your machine is no excuse - you are just being selfish and ignoring your responsibilities)

Sure, AV is only a small part of that layered defence; you want most or all of the following:

Choke router - reduces your sesceptibility to DoS (won't save you from a targeted DDoS, but helps to drop a huge amount of dross packets, and has the side-effect of giving you better throughput)

Firewall - also protects you from a wide range of attacks

Antivirus - as discussed...keep it up to date and you remove the number of possible attacks. This links in with the next one.

Up to date patches - this will protect you from far more attacks than you might expect. The bad guys still use attacks from years ago - there is no cost to them to do this, so it is a win for them.

Removal of autorun - to protect from a lot (not all) of the removable media attack vectors

Segregated network - use DMZ's and isolated network segments. This makes an attack much harder.

Removal of trust relationships - your computers should not trust a machine in another network

And change your behaviour - if you go to websites offering material which breaks the law, there is a greater chance of the website offering up less welcome gifts. Admittedly, you can't be sure anywhere, as attackers are well known for compromising popular sites to serve malware unwittingly, but in an untrustworthy Internet there are areas that are far less trustworthy than others.

There are loads more ways to help protect yourself, but they are all incremental. There is no silver bullet. Use as many layers as you can and you stand a better chance of slowing an attacker down enough that you spot him before he is successful.

You're basically telling us that you don't care about your security and you're asking us why you would use a security product? The answer is simply that you wouldn't.

If you don't have any concern, even when you are told of the potentials and when you are aware that you already have viruses that could easily produce these potentials, then you obviously will not accept any answer we give you, regardless of the logic behind said answer. These cases of malware exist for a reason, if they were not meant to gain something from you they would not have been made the way that they are. It is your choice to disregard that, even if there are countless examples of the impact this can cause.

I'm just crossing my fingers that this computer is in no way tied to any company.

I care of course, but no antivirus can guarantee me total protection. If someone can make a virus that bypass an updated antivirus software (I think that only detects common, in terms of type, and known to-date viruses), is the same as having 54 viruses... Is enough 1 virus to stole your data, so... 54 will not make so much difference. "They only stole 54 time more lOl"
–
Totty.jsJul 29 '11 at 18:58

@Totty there is no way to have total protection. period. I would be upset if there was one virus on my computer that got by me, so 1 or 54 is bad. So take the same amount of time you've had here and find a anti-virus solution that suits you. Might i suggest the Microsoft solution, it will at least give you some protection.
–
OrmisJul 29 '11 at 21:36

So using an antivirus, my PC can become a "zombie" and viruses can stole my passwords, and feel "secure" because my AV doesn't show any treats? So the only difference is that with a AV is harder, but the question now is: how much harder is really?
–
Totty.jsJul 29 '11 at 23:13

1

@Totty - With your computer usage habits, Antivirus would make a world of difference in terms of the likelihood of you being infected. I suggest carrying further discussion to chat, though. chat.stackexchange.com/rooms/151/the-dmz
–
IsziJul 30 '11 at 0:43

So, in addition (with some overlap) to all the great responses to this question, i still like to say this...

Think of your computer/private network as a country... If you have a country with valuable resources (aka. your private information, etc.) would you leave your boarders open when you see an army surrounding them? would you let anyone walk into your home if you were told that there was an assassin looking to take you down?

Antivirus is one of the multiple layers of security that one should establish to keep themselves secure. Like many others have stated, it protects you from implementations of vulnerabilities that have not been mitigated through the respective application's mechanisms. AV mitigates threats out-of-band. These non-patched vulnerabilities, aka. zero days (O-Days) can be used for leverage to gain access to your machine.

As, i alluded to before, there are many other layers of security that should be in place. These layers include OS Updating, firewalls, anti-spyware, and depending on your intended level of security there can be many more.

If your system is compromised (which from the sounds of how opposed to security you are, i wouldn't be surprised), not only could the attacker cause you annoyance while you are using your system, but they could then use that compromise to do much more behind the scenes. The idea of persistence comes to mind. By that I mean that the compromise may result in your other security layers being also compromised to better hid the attacker's activities. That attack may be used to gain financial information about you, steal your identity, gather your password information to all of your online services, pivot onto your private network, stage attacks against other machines, and anything else that the attacker can think of. Many times the owner of a compromised machine that is used in an attack against another system (lets say in an hactivist attack or an attack on a government system) may be held accountable.

So, not only could you risk your credit and reputation, but also you may risk prosecution.

Additionally, if you do your research you can easily get an anti-virus solution that does not hog your system. And I don't believe that I've seen a false-positive from my antivirus solutions in the last year (aside from intentionally downloading exploits or penetration modules). There are also many solutions out now for doing virus scans via a browser plugin. This method still gives you the benefit of scanning your computer against that company' virus database, but segregates it from your system more than the tick client (also, it helps if you want to run multiple anti-viruses).

This being said, I, for one, rarely use an Antivirus solution. But I am currently working in the security field and I do not store PII or connect to any authenticated services without an antivirus installed. Like someone else said, i am constantly looking at my running services, my iptables setups, my inbound/outbound traffic and ports, etc.... and that's on machines that I have no valuable information on.

As for your firewall comment, an anti-virus and a firewall are two separate entities. Both of which should be used. Please don't tell me that you're not using AV or firewalls. I can't remember what study it was precisely , but i believe the statistic was that your computer cannot sit on the internet for more that 10 minutes without being attacked. Granted simple security stems will mitigate most of these threads posed by simple web crawlers looking for vulnerable machines that are easy pickings.

If you want a more simple explanation, here it is... it's one more way to keep your what you have out of the hands of thieves. Why would you not use an anti-virus when you can easily get a free application which has little false-positives and little performance impact. Most people that i deal with are infected because of what we call "Internet Drive-Bys" (which is a whole separate topic to discuss). And none of the best practices that you say that you employ would sufficiently protect you from these attacks.

The name of the game for most of security (though fairly short sighted) is to make deter attackers enough that they target someone more easy to win against. from what I've read, you're making yourself this target, please do something about it.

that came out more as a rant than a well-structured response, i apologize

Why would you not use an anti-virus.. - Because it is a performance hog. There are no viruses in the wild for my system, so a scanner only adds attack surface. And worst of all, it is unreliable and provides a false sense of security. You can never be sure that a virus was actually completely removed without a full subsequent analysis. OS task isolation is simply too brittle. It is not without reason that the Linux devs don't report security bugs anymore.
–
pepeJul 28 '11 at 23:20

@pepe: Your statement "It is not without reason that the Linux devs don't report security bugs anymore." is an outright falsehood. You should see to that.
–
Scott PackJul 29 '11 at 0:20

@ScottPack: lwn.net/Articles/290227 Maybe you have updates to that? The general attitude is that you should use the 'stable' kernel lines but there are still no guaranteers there. Bottom line is that your distributor is responsible for incident handling.
–
pepeJul 29 '11 at 6:43

@pepe I hope that I'm misunderstanding your point here. Are you saying that the creators of an operating system are the ones that are responsible for it's security? If that's the case, I don't know of one remotely security minded individual that would agree. I would never trust the kernel devs with security (or any developers for that matter), let alone trust Microsoft for windows security. They've come a long way, but to me it's on the same level of having a payroll company handle their own payroll.
–
OrmisJul 29 '11 at 18:19

I recommend it to average Windows/OSX users. But even there, the first line of defense must be regular software updates, use of relatively secure software and a piece of user education. Though I'm not sure on the effectiveness of the last one. AV is only a detection mechanism that might help out if you're lucky.

For skilled users, there is little gain in using AV software. If a piece of malware is so well-designed that you don't notice it, chances are it also disabled the AV software while you weren't looking.

Zero-Days are not really an argument here, such "fresh" malware is usually tested against the most common AV products and thus also not detected by them.

If it is a targeted attack, the AV may not do much to protect you. But AVs are great at picking up bad downloads (seeing that he said he downloads torrents) and catching the every-day viruses that are constantly floating around. Realistically, if the virus is "fresh" there would be no way for the AV to even have a fingerprint for it, so i don't know where you're getting that comment from.
–
OrmisJul 28 '11 at 21:39

2

What @Ormis said. Plus, I believe most people here are (at least I am, explicitly) using "Zero Day" to describe vulnerabilities for which the vendor has not issued a patch - not necessarily vulnerabilities which have thus far eluded public knowledge. There are many vulnerabilities that exist in the wild for months (or years, even) without a patch being issued from the vendor, and Antivirus software is the only real way most users can defend against these.
–
IsziJul 28 '11 at 21:41

@Ormis: Most current systems have heuristics to detect unknown viruses, plus they try to make signatures generic. So, if you develop a new virus, you check it against current AVs and modify it binary code until it is not detected anymore.
–
pepeJul 28 '11 at 22:55

@lszi: I would not call this method "real defense" in any way. The past has shown that malware writers can simply flood the network with new variations of the same virus, modified only so much that it is not detected by the current signatures. There was a very famous example for this back in the WinXP days, maybe someone here knows the name. So AV is, at best, a heuristic method to catch maybe 80% of the stuff that comes in despite windows update etc. Hence my opinion stands: The dummy user should use it, but the expert may decide for himself. He will be aware of such 0days.
–
pepeJul 28 '11 at 23:09

@pepe - no, he will not be aware of 0days at first. Initially, only the developer of the 0day knows about it. That window of opportunity can be quite wide...
–
Rory Alsop♦Jul 29 '11 at 9:53